I find the timing of this article to be very weird. As Juraci said,
this was something that was patched more than 6 years ago.
On 4/19/2016 8:45 AM, Juraci Paixão Kröhling wrote:
No. From the same link you sent:
"The vulnerability is more than six years old and Red Hat patched the
flaw back in 2010."
I read somewhere else that this affected JBoss AS up to 6.x. Keycloak is
deployed on a recent version of Wildfly, so, no, Keycloak is not affected.
- Juca.
On 19.04.2016 14:33, Ben Bazian wrote:
> Is Keycloak 1.8 susceptible to this vulnerability?
>
> Cisco Talos has identified millions of vulnerable JBoss servers that can
> potentially be infected with SamSam ransomware
>
> Attackers used a JBoss-specific exploit called JexBoss -- a JBoss
> verification and exploitation tool -- to compromise vulnerable servers
> and then install webshells and backdoors for remote access. Cisco Talos
> researchers found that compromised JBoss servers typically have more
> than one webshell installed, suggesting that the systems have been
> repeatedly compromised by different actors. The list of webshells
> includes mela, shellinvoker, jbossinvoker, zecmd, cmd, genesis, sh3ll,
> and jbot.
>
>
> http://www.infoworld.com/article/3058254/security/patch-jboss-now-to-prev...
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user